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Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AlPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AlPA (pre-AlPA 35 U.S.C. 102(e)). 

2. Claims 1-26 and 37 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Caronni (7,336,790). 

The applied reference has a common assignee with the instant application. 
Based upon the earlier effective U.S. filing date of the reference, it constitutes prior art 
under 35 U.S.C. 102(e). This rejection under 35 U.S.C. 102(e) might be overcome 
either by a showing under 37 CFR 1 .1 32 that any invention disclosed but not claimed in 
the reference was derived from the inventor of this application and is thus not the 
invention "by another," or by an appropriate showing under 37 CFR 1 .131 . 



Regarding claim 1, 
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Caronni (7,336,790) discloses a nnetliod for comnnunicating between a first 
private networl< (a VPN 1 -not sliown, or could be enterprise network 102) and a second 
private network (superNet-not shown) configured from nodes (i.e., 301, 304, 312-fig.3) 
in a public network, comprising: 

receiving a non-tunneled packet from a source node in the first private 
network (step 602-fig.6A, when a node from a VPN1 joining a Supernet-VPN2); 

determining whether the packet is destined for the second private network (step 
602-fig.6A, validated ID and password for Supernet-emphasis added); 

obtaining an address mapping corresponding to a destination node in the 
second private network and acquiring a channel key associated with a channel based 
on the determination (step 606-fig.6A), 

wherein the channel comprises a plurality of non-tunneled 

virtual links (a collection of virtual links, col. 5, lines 11-15) through the public 

network that connects a plurality of channel nodes, the channel nodes including 

the source node and the destination node (fig.4, channel having nodes), 
wherein only the channel nodes are permitted to 

communicate over the channel (col.5, lines 11-23&see also fig.4), 
wherein the channel key is updated upon an addition of a 

new channel node to the channel (col.5, lines 53-56; col.9, lines 42-45), and 
wherein the channel key is updated upon a departure of one 

of the channel nodes from the channel (col.5, lines 53-56; col.9, lines 42-45); and 
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forwarding tlie pacl<et over tlie cliannel to tlie destination node (col .5, lines 16- 

17). 

Regarding claim 2, 

Caronni further discloses said forwarding comprising: sending the packet to the 
destination node using the address mapping, the address mapping reflecting a 
relationship between an internal address for the destination node for use in 
communicating among nodes in the second private network and an external address for 
the destination node suitable for communicating over the public network (steps 606- 
608). 

Regarding claim 3, 

Caronni further discloses said sending further comprising, adding the external 
address (new member's virtual address, col. 9, lines 11 & 61) to the packet. 

Regarding claim 4, 

Caronni further discloses said sending further comprising, encrypting the packet 
(col.9, lines 41-42). 

Regarding claim 5 

Caronni further discloses said obtaining comprising, accessing the address 
mapping based on a determination that the packet is destined for the second private 
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network (steps 604-606-fig.6A, joining supernet). 
Regarding claim 6, 

Caronni furtlier discloses said determining comprising, determining whether an 
address mapping exists for a destination address in the packet (step 604-fig.6A). 

Regarding claim 7, 

Caronni discloses a method for communicating between a first private 
network (VPN1-i.e., enterprise network, fig.1) and a second private network (supernet) 
configured from nodes in a public network, comprising: 

receiving a non-tunneled packet from a source node in the first private 
network (step 602-fig.6A, when a node from a VPN1 joining a Supernet-VPN2); 

determining whether the packet is destined for the second private network (step 
602-fig.6A, validated ID and password for Supernet-emphasis added); 

obtaining an address mapping corresponding to a destination node in the 
second private network (step 606-fig.6A), and acquiring a channel key associated with a 
channel based on the determination (step 610-fig.6A), 

wherein the channel comprises a plurality of non-tunneled 

virtual links (a collection of virtual links, col. 5, lines 11-15) through the public 

network that connects a plurality of channel nodes, the channel nodes including 

the source node and the destination node (fig.4, channel having nodes). 
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wherein only tlie cliannel nodes are permitted to communicate over tlie 

cliannel (col.5, lines 11-23 & see also fig.4), 

wherein the channel key is updated upon an addition of a 

new channel node to the channel (col.5, lines 53-56; col.9, lines 42-45), and 

wherein the channel key is updated upon a departure of one of the channel 
nodes from the channel (col.5, lines 53-56; col.9, lines 42-45); and 

sending the packet over the channel to the destination node (col.5, lines 16-17) 
using the address mapping, the address mapping reflecting a relationship between an 
internal address for the destination node for use in communicating among nodes in the 
second private network and an external address for the destination node suitable for 
communicating over the public network (steps 606-608). 

Regarding claim 8, 

Caronni discloses a method for communicating between a first private 
network (enterprise network) and a second private network (supernet)that uses a public 
network infrastructure, comprising: 

receiving a non-tunneled packet from a source node in the second private 
network(step 602-fig.6A, when a node from a VPN1 joining a Supernet-VPN2); 

determining whether the packet is destined for the second private network (step 
602-fig.6A, validated ID and password for Supernet-emphasis added); 
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obtaining an address mapping corresponding to a router node in tlie first 
private networl< (step 606-fig.6A), and acquiring a cliannel l<ey associated witli a 
cliannel based on tlie determination (step 610-fig.6A), 

wlierein tlie cliannel comprises a plurality of non-tunneled virtual links (a 

collection of virtual links, col. 5, lines 11-15) through the public network that 

connects a plurality of channel nodes, the channel nodes including the source 

node and the router node (fig.4, channel having nodes), 

wherein only the channel nodes are permitted to communicate over the 

channel (col.5, lines 1 1-23 & see also fig.4), 

wherein the channel key is updated upon an addition of a 

new channel node to the channel (col.5, lines 53-56; col.9, lines 42-45), and 
wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel (col.5, lines 53-56; col.9, lines 42-45); and 

forwarding the packet over the channel to a destination node in the first 
private network (col.5, lines 16-17). 

Regarding claim 9, 

Caronni further discloses said forwarding comprising: sending the packet to the 
router node using the address mapping, wherein the router node forwards the packet to 
the destination node based on an internal address in the packet for the destination node 
suitable for communicating among nodes in the first private network (steps 606-608, 
fig.6A). 
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Regarding claim 10, 

Caronni furtlier discloses said sending further comprising, 
adding, to the packet, an external address for the router node suitable for 
communicating over the public infrastructure (new member's virtual address, col.9, lines 
11 &61). 

Regarding claim 11, 

Caronni further discloses said sending further comprising, encrypting the packet 
(col.9, lines 41-42). 

Regarding claim 12, 

Caronni further discloses said obtaining comprising, accessing the address 
mapping based on a determination that the packet is not destined for the second private 
network (steps 604-606, fig.6A, joining supernet). 

Regarding claim 13, 

Caronni further discloses said determining comprising, determining whether an 
address mapping exists for a destination address in the packet (step 604-fig.6A). 



Regarding claim 14, 
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Caronni discloses a nnetliod for comnnunicating between a first private 
networl< and a second private networl< tliat uses a public network infrastructure, 
comprising: 

receiving a non-tunneled packet from a source node in the second private 
network (step 602-fig.6A, when a node from a VPN1 joining a Supernet-VPN2); 

determining whether the packet is destined for the second private network (step 
602-fig.6A, validated ID and password for Supernet-emphasis added); 

obtaining an address mapping corresponding to a router node (step 606-fig.6A), 
and acquiring a channel key associated with a channel based on the 
determination (step 610-fig.6A), 

wherein the channel comprises a plurality of non-tunneled virtual links (a 
collection of virtual links, col. 5, lines 11-15) through the public network that 
connects a plurality of channel nodes, the channel nodes including the source 
node and the router node (fig.4, channel having nodes), 

wherein only the channel nodes are permitted to communicate over the 
channel (col.5, lines 1 1-23 & see also fig.4), 

wherein the channel key is updated upon an addition of a 
new channel node to the channel (col.5, lines 53-56; col.9, lines 42-45), and 

wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel (col.5, lines 53-56; col.9, lines 42-45); and 
sending the packet over the channel to the router node using the address mapping 
(col.5, lines 16-17). wherein the router node forwards the packet to a destination node in 
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the first private networl< based on an internal address in tlie pacl<et for tlie destination 
node suitable for comnnunicating among nodes in the first private network (steps 6060- 
608-fig.6A). 

Regarding claim 15, 

Caronni discloses an apparatus for communicating between a first private 
network and a second private network that uses a public network infrastructure, 
comprising: 

a memory having program instructions; and 

a processor responsive to the program instructions to: 

receive a non-tunneled packet from a source node in the first 

private network (step 602-fig.6A, when a node from a VPN1 joining a Supernet- 

VPN2), 

determine whether the packet is destined for the second 
private network (step 602-fig.6A, validated ID and password for Supernet- 
emphasis added), 

acquire a channel key associated with a channel based on 
the determination (step 610-fig.6A), 

wherein the channel comprises a plurality of non- 
tunneled virtual links (a collection of virtual links, col.5, lines 11-15) 
through the public network that connects a plurality of channel nodes, the 
channel nodes including the source 
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node and a destination node in tlie second private networl< (fig.4, cliannel 
liaving nodes), 

wlierein only tlie cliannel nodes are permitted to communicate over the 
channel(col.5, lines 11 -23 & see also fig.4), 

wherein the channel key is updated upon an addition 
of a new channel node to the channel (col .5, lines 53-56; col .9, lines 42- 
45), and 

wherein the channel key is updated upon a departure of one of the 
channel nodes from the channel (col. 5, lines 53-56; col. 9, lines 42-45); 
and 

forward the packet over the channel to the destination node (col .5, lines 16-17). 

Regarding claim 16, 

Caronni discloses an apparatus for communicating between a first private 
network and a second private network that uses a public network infrastructure, 
comprising: 

a memory having program instructions (col. 8, line 63-col.9, Iine5); and 
a processor responsive to the program instructions to: 

receive a non-tunneled packet from a source node in the second private 
network (step 602-fig.6A, when a node from a VPN1 joining a Supernet-VPN2), 

determine whether the packet is destined for the second private network 
(step 602-fig.6A, validated ID and password for Supernet-emphasis added), and 
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acquire a cliannel l<ey associated witli a cliannel based on 
tlie determination, 

wlierein tlie cliannel comprises a plurality of non-tunneled virtual links (a 
collection of virtual links, col. 5, lines 11-15) through the public network that 
connects a plurality of channel nodes, the channel nodes including the source 
node and a destination node in the first private network (fig. 4, channel having 
nodes), 

wherein only the channel nodes are permitted to communicate over the 
channel, [[and]] 

wherein the channel key is updated upon an addition of a new channel 
node to the channel (col. 5, lines 53-56; col. 9, lines 42-45), and 

wherein the channel key is updated upon a departure of one of the channel nodes from 

the channel (col. 5, lines 53-56; col. 9, lines 42-45); and 

forward the packet over the channel to the destination node (col. 5, lines 16-17). 

Regarding claim 17, 

Caronni discloses a tangible computer-readable storage medium 
containing instructions (col. 8, line 63-col.9, Iine5) which, when executed by a processor, 
perform a method for communicating between a first private network and a second 
private network that uses a public network infrastructure, the method comprising: 
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receiving a non-tunneled pacl<et from a source node in tlie first private 
networl< (step 602-fig.6A, wlien a node from a VPN1 joining a Supernet-VPN2); 

determining wlietlier tlie pacl<et is destined for tlie second private networl< 
(step 602-fig.6A, validated ID and password for Supernet-emphasis added); 

obtaining an address mapping corresponding to a destination node in the 
second private network (step 606-fig.6A), and acquiring a channel key 
associated with a channel based on the determination (step 610-fig.6A), 

wherein the channel comprises a plurality of non-tunneled 
virtual links (a collection of virtual links, col. 5, lines 11-15) through the public 
network that connects a plurality of channel nodes, the channel nodes including 
the source node and the destination node (fig.4, channel having nodes), 

wherein only the channel nodes are permitted to communicate over the 
channel (col.5, lines 1 1-23 & see also fig.4), 

wherein the channel key is updated upon an addition of a 
new channel node to the channel (col.5, lines 53-56; col. 9, lines 42-45),l, and 
wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel (col.5, lines 53-56; col. 9, lines 42-45); and 

sending the packet over the channel to the destination node using the address 
mapping (col.5, lines 16-17), the address mapping reflecting a relationship between an 
internal address for the destination node for use in communicating among nodes in the 
second private network and an external address for the destination node suitable for 
communicating over the public infrastructure (steps 606-608-fig.6A). 
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Regarding claim 18, 

Caronni furtlier discloses said sending further comprising, adding the external 
address to the packet (new member's virtual address, col. 9, lines 1 1 and 61). 

Regarding claim 19, 

Caronni further discloses said sending further comprising, encrypting the packet 
(col.9, lines 41-42). 

Regarding claim 20, 

Caronni further discloses said obtaining comprising, accessing the address 
mapping based on a determination that the packet is destined for the second private 
network (steps 604-606, fig.6A, joining supernet). 

Regarding claim 21, 

Caronni further discloses said determining comprising, determining whether an 
address mapping exists for a destination address in the packet (step 604, fig.6A). 

Regarding claim 22 

Caronni discloses a tangible computer-readable storage medium 
containing instructions which, when executed by a processor (col. 8, line 63-col.9, lineS), 
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perform a method for communicating between a first private networl< and a second 
private networl< tliat uses a public networl< infrastructure, tlie metliod comprising: 

receiving a non-tunneled packet from a source node in the second private 
network (step 602-fig.6A, when a node from a VPN1 joining a Supernet-VPN2); 

determining whether the packet is destined for the second private network 
(step 602-fig.6A, validated ID and password for Supernet-emphasis added); 

obtaining an address mapping corresponding to a router node (step 606- 
fig.6A), and acquiring a channel key associated with a channel based on the 
determination (step 610-fig.6A)„ 

wherein the channel comprises a plurality of non-tunneled virtual links (a 
collection of virtual links, col. 5, lines 11-15) through the public network that 
connects a plurality of channel nodes, the channel nodes including the source 
node and the router node (fig.4, channel having nodes), 

wherein only the channel nodes are permitted to communicate over the 
channel (col.5, lines 1 1-23 & see also fig.4), 

wherein the channel key is updated upon an addition of a 
new channel node to the channel (col.5, lines 53-56; col.9, lines 42-45), and 

wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel (col.5, lines 53-56; col.9, lines 42-45); and 
sending the packet over the channel to the router node using the address mapping 
(col.5, lines 16-17), wherein the router node forwards the packet to a destination node in 
the first private network based on an internal address in the packet for the destination 
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node suitable for comnnunicating among nodes in tlie first private networl< (steps 606- 
608-fig.6A). 

Regarding claim 23, 

Caronni further discloses said sending further comprising, adding, to the packet, 
an external address for the router node suitable for communicating over the public 
infrastructure (new member's virtual address, col. 9, lines 11 & 61)). 

Regarding claim 24, 

Caronni further discloses said sending further comprising, encrypting the packet 
(col.9, lines 41-42). 

Regarding claim 25, 

Caronni further discloses said obtaining comprising, accessing the address 
mapping based on a determination that the packet is not destined for the second private 
network (steps 604-606, fig.6A, joining supernet). 

Regarding claim 26, 

Caronni further discloses said determining comprising, determining whether an 
address mapping exists for a destination address in the packet (step 604, fig.6A). 
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Claims 27-36. (Cancelled). 
Regarding claim 37. 

(Previously Presented) A method for communicating between a first private 
network and a second private network configured from nodes in a public network, 
comprising: 

receiving, at a router node, a first non-tunneled packet from a source node in the 
first private network, wherein the router node facilitates connection between the first 
private network and the second private network (step 602-fig.6A, when a node from a 
VPN1 joining a Supernet-VPN2); 

determining whether the first packet is destined for the second private network 
(step 602-fig.6A, validated ID and password for Supernet-emphasis added); 

obtaining an address mapping corresponding to a second destination 
node in the second private network and acquiring a channel key associated with a 
channel based on the determination (step 606-fig.6A), 

wherein the channel comprises a plurality of non-tunneled virtual links (a 
collection of virtual links, col. 5, lines 11-15) through the public network that connects a 
plurality of channel nodes, the channel nodes including the source node and the router 
node (fig.4, channel having nodes), 

wherein only the channel nodes are permitted to communicate over the 

channel (col.5, lines 1 1-23 & see also fig.4). 
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wherein tlie cliannel l<ey is updated upon an addition of a new cliannel node to 
tlie cliannel (col. 5, lines 53-56; col. 9, lines 42-45), and 

wherein the channel key is updated upon a departure of one 
of the channel nodes from the channel (col. 5, lines 53-56; col. 9, lines 42-45); 

sending the first packet over the channel to the second destination node using 
the address mapping (steps 606-608, fig.6A), the address mapping reflecting a 
relationship between an internal address for the second destination node for use in 
communicating among nodes in the second private network and an external address for 
the second destination node suitable for communicating over the public infrastructure; 

receiving a second non-tunneled packet from a source node in the second 
private network (step 602-fig.6A, when another node from a VPN1 joining a Supernet- 
VPN2); 

determining whether the second packet is destined for the second private 
network (step 602-fig.6A, validated ID and password for Supernet-emphasis added); 

obtaining an address mapping corresponding to the router node based on the 
determination that the second packet is not destined for the second private network 
(step 606-fig.6A); and 

sending the packet over the channel to the router node using the address 
mapping corresponding to the router node (col. 5, lines 16-17), wherein the router node 
forwards the packet to a first destination node in the first private network based on an 
internal address in the second packet for the first destination node suitable for 
communicating among nodes in the first private network (steps 606-608-fig.6A). 
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Allowable Subject Matter 

3. The indicated allowability of claims 1 -26, 37 is withdrawn in view of the newly 
discovered reference(s) to Caronni (7, 336,790). Rejections based on the newly cited 
reference(s) follow. 

4. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Caronni (6,938,169) and Matsumoto (6215877). 

5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to PHUONGCHAU BA NGUYEN whose telephone number 
is (571)272-3148. The examiner can normally be reached on Monday-Thursday from 
8:30 a.m. to 7:00 p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Huy Vu can be reached on 571-272-3155. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding tlie status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/PHUONGCHAU BA NGUYEN/ 
Examiner, Art Unit 2616 



/Huy D. Vu/ 

Supervisory Patent Examiner, Art Unit 2616 



